#2... sorry typing error Re: port stealth mode?

Leslie Jensen leslie at eskk.nu
Wed Aug 20 17:16:20 UTC 2008


Jeremy Chadwick skrev:
> On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
>> I've done some testing with Steve Gibsons "Shields up"
>> https://www.grc.com/x/ne.dll?bh0bkyd2
>>
>> These tests lists the ports as closed but visible.
>>
>> Instead the site suggest that one uses stealth so that the ports are not  
>> visible from the Internet.
>>
>> Is there a way to achieve this with PF?
> 
> The "block" directive, along with "set block-policy drop" should suffice
> for accomplishing this in pf.
> 

Thank you Jeremy.

I had "return" instead of "drop".

Now when I do the test the ports 0, 1 and 53 are closed, not dropped.

I do not have any rules to allow these ports.

Any suggestions on what might be the reason for this?

/Leslie
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"


More information about the freebsd-pf mailing list